d74cf7c723
Only visible when you run "go test -bench" like this: $ cd gocryptfs/internal/speed $ go test -bench . goos: linux goarch: amd64 pkg: github.com/rfjakob/gocryptfs/v2/internal/speed cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz BenchmarkStupidGCM-4 202352 5937 ns/op 689.96 MB/s BenchmarkStupidGCMDecrypt-4 206023 5782 ns/op 708.38 MB/s BenchmarkGoGCM-4 291878 4098 ns/op 999.45 MB/s BenchmarkGoGCMBlockSize/1024-4 1000000 1151 ns/op 889.88 MB/s BenchmarkGoGCMBlockSize/2048-4 561182 2134 ns/op 959.60 MB/s BenchmarkGoGCMBlockSize/4096-4 292057 4101 ns/op 998.87 MB/s BenchmarkGoGCMBlockSize/8192-4 149216 8031 ns/op 1020.09 MB/s BenchmarkGoGCMBlockSize/16384-4 75361 15917 ns/op 1029.34 MB/s BenchmarkGoGCMBlockSize/32768-4 37916 31649 ns/op 1035.35 MB/s BenchmarkGoGCMBlockSize/65536-4 19005 63117 ns/op 1038.33 MB/s BenchmarkGoGCMBlockSize/131072-4 9498 126166 ns/op 1038.89 MB/s BenchmarkGoGCMBlockSize/262144-4 4755 252149 ns/op 1039.64 MB/s BenchmarkGoGCMBlockSize/524288-4 2377 504108 ns/op 1040.03 MB/s BenchmarkGoGCMBlockSize/1048576-4 1188 1008675 ns/op 1039.56 MB/s BenchmarkGoGCMDecrypt-4 294664 4059 ns/op 1009.02 MB/s BenchmarkAESSIV-4 46498 25432 ns/op 161.05 MB/s BenchmarkAESSIVDecrypt-4 46908 25509 ns/op 160.57 MB/s BenchmarkXchacha-4 244473 4894 ns/op 836.97 MB/s BenchmarkXchachaDecrypt-4 249710 4798 ns/op 853.75 MB/s BenchmarkStupidXchacha-4 166988 7101 ns/op 576.79 MB/s BenchmarkStupidXchachaDecrypt-4 163093 7240 ns/op 565.72 MB/s BenchmarkStupidChacha-4 184172 6527 ns/op 627.58 MB/s BenchmarkStupidChachaDecrypt-4 179796 6659 ns/op 615.11 MB/s PASS ok github.com/rfjakob/gocryptfs/v2/internal/speed 30.068s
170 lines
4.4 KiB
Go
170 lines
4.4 KiB
Go
// Package speed implements the "-speed" command-line option,
|
|
// similar to "openssl speed".
|
|
// It benchmarks the crypto algorithms and libraries used by
|
|
// gocryptfs.
|
|
package speed
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"crypto/rand"
|
|
"fmt"
|
|
"log"
|
|
"testing"
|
|
|
|
"golang.org/x/crypto/chacha20poly1305"
|
|
|
|
"github.com/rfjakob/gocryptfs/v2/internal/cryptocore"
|
|
"github.com/rfjakob/gocryptfs/v2/internal/siv_aead"
|
|
"github.com/rfjakob/gocryptfs/v2/internal/stupidgcm"
|
|
)
|
|
|
|
// 128-bit file ID + 64 bit block number = 192 bits = 24 bytes
|
|
const adLen = 24
|
|
|
|
// gocryptfs uses fixed-size 4 kiB blocks
|
|
const gocryptfsBlockSize = 4096
|
|
|
|
// Run - run the speed the test and print the results.
|
|
func Run() {
|
|
cpu := cpuModelName()
|
|
if cpu == "" {
|
|
cpu = "unknown"
|
|
}
|
|
aes := "; no AES acceleration"
|
|
if stupidgcm.CpuHasAES() {
|
|
aes = "; with AES acceleration"
|
|
}
|
|
fmt.Printf("cpu: %s%s\n", cpu, aes)
|
|
|
|
bTable := []struct {
|
|
name string
|
|
f func(*testing.B)
|
|
preferred bool
|
|
}{
|
|
{name: cryptocore.BackendOpenSSL.String(), f: bStupidGCM, preferred: stupidgcm.PreferOpenSSLAES256GCM()},
|
|
{name: cryptocore.BackendGoGCM.String(), f: bGoGCM, preferred: !stupidgcm.PreferOpenSSLAES256GCM()},
|
|
{name: cryptocore.BackendAESSIV.String(), f: bAESSIV, preferred: false},
|
|
{name: cryptocore.BackendXChaCha20Poly1305OpenSSL.String(), f: bStupidXchacha, preferred: stupidgcm.PreferOpenSSLXchacha20poly1305()},
|
|
{name: cryptocore.BackendXChaCha20Poly1305.String(), f: bXchacha20poly1305, preferred: !stupidgcm.PreferOpenSSLXchacha20poly1305()},
|
|
}
|
|
for _, b := range bTable {
|
|
fmt.Printf("%-26s\t", b.name)
|
|
mbs := mbPerSec(testing.Benchmark(b.f))
|
|
if mbs > 0 {
|
|
fmt.Printf("%7.2f MB/s", mbs)
|
|
} else {
|
|
fmt.Printf(" N/A")
|
|
}
|
|
if b.preferred {
|
|
fmt.Printf("\t(selected in auto mode)\n")
|
|
} else {
|
|
fmt.Printf("\n")
|
|
}
|
|
}
|
|
}
|
|
|
|
func mbPerSec(r testing.BenchmarkResult) float64 {
|
|
if r.Bytes <= 0 || r.T <= 0 || r.N <= 0 {
|
|
return 0
|
|
}
|
|
return (float64(r.Bytes) * float64(r.N) / 1e6) / r.T.Seconds()
|
|
}
|
|
|
|
// Get "n" random bytes from /dev/urandom or panic
|
|
func randBytes(n int) []byte {
|
|
b := make([]byte, n)
|
|
_, err := rand.Read(b)
|
|
if err != nil {
|
|
log.Panic("Failed to read random bytes: " + err.Error())
|
|
}
|
|
return b
|
|
}
|
|
|
|
// bEncrypt benchmarks the encryption speed of cipher "c"
|
|
func bEncrypt(b *testing.B, c cipher.AEAD) {
|
|
bEncryptBlockSize(b, c, gocryptfsBlockSize)
|
|
}
|
|
|
|
// bEncryptBlockSize benchmarks the encryption speed of cipher "c" at block size "blockSize"
|
|
func bEncryptBlockSize(b *testing.B, c cipher.AEAD, blockSize int) {
|
|
authData := randBytes(adLen)
|
|
iv := randBytes(c.NonceSize())
|
|
in := make([]byte, blockSize)
|
|
dst := make([]byte, len(in)+len(iv)+c.Overhead())
|
|
copy(dst, iv)
|
|
|
|
b.SetBytes(int64(len(in)))
|
|
b.ResetTimer()
|
|
for i := 0; i < b.N; i++ {
|
|
// Reset dst buffer
|
|
dst = dst[:len(iv)]
|
|
// Encrypt and append to nonce
|
|
c.Seal(dst, iv, in, authData)
|
|
}
|
|
}
|
|
|
|
func bDecrypt(b *testing.B, c cipher.AEAD) {
|
|
authData := randBytes(adLen)
|
|
iv := randBytes(c.NonceSize())
|
|
plain := randBytes(gocryptfsBlockSize)
|
|
ciphertext := c.Seal(iv, iv, plain, authData)
|
|
|
|
b.SetBytes(int64(len(plain)))
|
|
b.ResetTimer()
|
|
for i := 0; i < b.N; i++ {
|
|
// Reset plain buffer
|
|
plain = plain[:0]
|
|
// Decrypt
|
|
_, err := c.Open(plain, iv, ciphertext[c.NonceSize():], authData)
|
|
if err != nil {
|
|
b.Fatal(err)
|
|
}
|
|
}
|
|
}
|
|
|
|
// bStupidGCM benchmarks stupidgcm's openssl GCM
|
|
func bStupidGCM(b *testing.B) {
|
|
if stupidgcm.BuiltWithoutOpenssl {
|
|
b.Skip("openssl has been disabled at compile-time")
|
|
}
|
|
bEncrypt(b, stupidgcm.NewAES256GCM(randBytes(32)))
|
|
}
|
|
|
|
// bGoGCM benchmarks Go stdlib GCM
|
|
func bGoGCM(b *testing.B) {
|
|
bGoGCMBlockSize(b, gocryptfsBlockSize)
|
|
}
|
|
|
|
func bGoGCMBlockSize(b *testing.B, blockSize int) {
|
|
gAES, err := aes.NewCipher(randBytes(32))
|
|
if err != nil {
|
|
b.Fatal(err)
|
|
}
|
|
gGCM, err := cipher.NewGCMWithNonceSize(gAES, 16)
|
|
if err != nil {
|
|
b.Fatal(err)
|
|
}
|
|
bEncryptBlockSize(b, gGCM, blockSize)
|
|
}
|
|
|
|
// bAESSIV benchmarks AES-SIV from github.com/aperturerobotics/jacobsa-crypto/siv
|
|
func bAESSIV(b *testing.B) {
|
|
c := siv_aead.New(randBytes(64))
|
|
bEncrypt(b, c)
|
|
}
|
|
|
|
// bXchacha20poly1305 benchmarks XChaCha20 from golang.org/x/crypto/chacha20poly1305
|
|
func bXchacha20poly1305(b *testing.B) {
|
|
c, _ := chacha20poly1305.NewX(randBytes(32))
|
|
bEncrypt(b, c)
|
|
}
|
|
|
|
// bStupidXchacha benchmarks OpenSSL XChaCha20
|
|
func bStupidXchacha(b *testing.B) {
|
|
if stupidgcm.BuiltWithoutOpenssl {
|
|
b.Skip("openssl has been disabled at compile-time")
|
|
}
|
|
bEncrypt(b, stupidgcm.NewXchacha20poly1305(randBytes(32)))
|
|
}
|